package com.kexio.user.controller;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.kexio.auth.annotation.RateLimit;
import com.kexio.auth.annotation.RequiresPermission;
import com.kexio.auth.util.AuthContextUtils;
import com.kexio.common.dto.PageResponse;
import com.kexio.common.dto.Result;
import com.kexio.user.dto.LoginLogDTO;
import com.kexio.user.dto.OperationLogDTO;
import com.kexio.user.dto.SecurityLogQueryDTO;
import com.kexio.user.service.SecurityLogService;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletResponse;

@RestController
@RequestMapping("/auth/security")
@Tag(name = "安全日志", description = "登录日志/操作日志查询与导出")
public class SecurityLogController {

    private static final Logger logger = LoggerFactory.getLogger(SecurityLogController.class);

    private final SecurityLogService securityLogService;

    public SecurityLogController(SecurityLogService securityLogService) {
        this.securityLogService = securityLogService;
    }

    // ============== 登录日志 ==============
    @GetMapping("/login-logs")
    @RequiresPermission("security:log:query")
    @RateLimit(count = 60, time = 1)
    @Operation(summary = "登录日志查询", description = "分页查询登录日志")
    public Result<PageResponse<LoginLogDTO>> getLoginLogs(SecurityLogQueryDTO query) {
        String tenantId = AuthContextUtils.getCurrentTenantId();
        logger.debug("查询登录日志: tenantId={}, current={}, size={}", tenantId, query.getCurrent(), query.getSize());
        PageResponse<LoginLogDTO> page = securityLogService.queryLoginLogs(query);
        return Result.success("查询成功", page);
    }

    @GetMapping("/login-logs/export")
    @RequiresPermission("security:log:export")
    @RateLimit(count = 10, time = 1)
    @Operation(summary = "导出登录日志", description = "导出登录日志为文件")
    public void exportLoginLogs(SecurityLogQueryDTO query, HttpServletResponse response) throws java.io.IOException {
        String tenantId = AuthContextUtils.getCurrentTenantId();
        logger.info("导出登录日志: tenantId={}", tenantId);
        securityLogService.exportLoginLogs(query, response);
    }

    @DeleteMapping("/login-logs/clear")
    @RequiresPermission("security:log:clear")
    @RateLimit(count = 5, time = 1)
    @Operation(summary = "清空登录日志", description = "清空所有登录日志")
    public Result<String> clearLoginLogs() {
        String tenantId = AuthContextUtils.getCurrentTenantId();
        logger.warn("清空登录日志: tenantId={}", tenantId);
        securityLogService.clearLoginLogs();
        return Result.success("清空成功");
    }

    // ============== 操作日志 ==============
    @GetMapping("/operation-logs")
    @RequiresPermission("security:log:query")
    @RateLimit(count = 60, time = 1)
    @Operation(summary = "操作日志查询", description = "分页查询操作日志")
    public Result<PageResponse<OperationLogDTO>> getOperationLogs(SecurityLogQueryDTO query) {
        String tenantId = AuthContextUtils.getCurrentTenantId();
        logger.debug("查询操作日志: tenantId={}, current={}, size={}", tenantId, query.getCurrent(), query.getSize());
        PageResponse<OperationLogDTO> page = securityLogService.queryOperationLogs(query);
        return Result.success("查询成功", page);
    }

    @GetMapping("/operation-logs/export")
    @RequiresPermission("security:log:export")
    @RateLimit(count = 10, time = 1)
    @Operation(summary = "导出操作日志", description = "导出操作日志为文件")
    public void exportOperationLogs(SecurityLogQueryDTO query, HttpServletResponse response) throws java.io.IOException {
        String tenantId = AuthContextUtils.getCurrentTenantId();
        logger.info("导出操作日志: tenantId={}", tenantId);
        securityLogService.exportOperationLogs(query, response);
    }

    @DeleteMapping("/operation-logs/clear")
    @RequiresPermission("security:log:clear")
    @RateLimit(count = 5, time = 1)
    @Operation(summary = "清空操作日志", description = "清空所有操作日志")
    public Result<String> clearOperationLogs() {
        String tenantId = AuthContextUtils.getCurrentTenantId();
        logger.warn("清空操作日志: tenantId={}", tenantId);
        securityLogService.clearOperationLogs();
        return Result.success("清空成功");
    }
}


